Date: Fri, 21 Sep 2007 10:26:32 -0400 From: Tim Polk To: Dean Anderson Subject: Re: future of tls-authz On Sep 20, 2007, at 6:33 PM, Dean Anderson wrote: > On Wed, 19 Sep 2007, Tim Polk wrote: > >> Dean, >> >> On Sep 18, 2007, at 5:28 PM, Dean Anderson wrote: >> >>> It looks like you already picked a strategy; The datatracker shows >>> that last Monday you changed the status to Experimental, Publication >>> Requested. >>> >> >> You will also find a number of other documents in the same state. >> Some of them will be progressed, and some probably will not. As I >> stated in my original message, I believe that Experimental >> publication >> is appropriate for this document. > > I thought that was just one option you were considering. > I think my original email was clear wrt my intentions, and the rationale for doing so. I was asking for guidance on process. You chose not to provide any input. >>> Since there is no community consensus supporting this document in >>> either the TLS working group or in the larger IETF, how do you plan >>> to show that there is an ISOC/IETF interest in advancing this draft? >>> You do know that anything you do has to be in the interest of the >>> IETF. Since there is no consensus supporting this document, it is >>> difficult to see that the ISOC IETF Activity has an objective >>> interest in promoting the patented standard, especially in light of >>> the prior misconduct. >>> >> >> I agree that consensus does not exist for standards track >> publication. > > I haven't seen any consensus for any kind of publication. > The community has not been asked about publication as Experimental Track. >> That is why I am leaning towards yet another Last Call, to determine >> if consensus exists for progression as an Experimental RFC. > > I notice that there is no state transition out of state "Dead". How is > it that the process allows a transition from state "Dead" to state > "Publication Requested"? As you have altered the state in the > datatracker database, I suppose you can next go directly to "IESG > Evaluation", and then to "Approved - ..." etc. Of course, this > seems to > violate the notion of an open process, especially after the community > has rejected the document several times. > Resurrecting a "Dead" ID requires manual processing by the IETF Secretariat. I initiated the process with an email request. I do not know why they don't include state transition information. What part of this process is not open? I am the sponsor, and I am initiating another Last Call to gauge consensus for Experimental track. As I understand the IETF process, I could have taken the document straight to the IESG, and asked them to approve as experimental based on the results of the second Last Call. I chose not to do so - I elected the *most* open process of those available to me... >> I believe that publication is in the best interest of the community, >> *in spite* of the document's history. I was hoping that you could >> help identify the best way to determine if the community agreed with >> me... > > I rather think the community disagrees with you, and has expressed > that > lack of interest through non-support in the TLS working group, and > non-support on the IETF main list, and in the comments of Sam Hartman > withdrawing his support as sponsoring A.D. > The TLS working group declined to take this work on. That is different from not supporting publication. Many, many documents declined by WGs are published as individual submissions. Sam determined that consensus to publish as standards track did not exist, but still believes the technical content merits publication. >>> I would also expect that since your are government employee, that >>> your conflict of interest needs to comply with NIST/Government >>> regulations covering conflict of interest. Do you agree? >> >> My actions need to meet IETF process requirements, government >> regulations, and my own moral compass. I believe that my own moral >> compass is more restrictive than either of the others. I do not have >> any personal interest in this document; to be frank, I expect that >> sponsoring it will be a painful experience. The fact that it is >> self-inflicted won't provide much solace. But, I took the job and >> this apparently comes with the territory. > > Your job doesn't compel you to revive this document after after the > community did not support the document and the other security A.D. > withdrew his support. You have already disclosed (to me) your personal > interest in your close family relationship to Housley. So, it appears > that, your moral compass needs some adjustment. To help you with that, > I'd like to give you a quote from the "Restatement of the Law of > Agency, > Second": > I believe it was my responsibility to take on tls-authz, and stated as much in my first email. The reasons have nothing to do with any personal relationships. Since we have never met, I believed you might be one of the few IETFers that was not aware Russ and I were friends. It is irrelevant to any actions I have taken or will take in my posiiton on the IESG. However, I did not want you to believe that I hid this fact; that would have undermined my attempts for constructive dialogue. So, I noted that fact up front. > ========================= > § 394. Acting for One with Conflicting Interests > > Unless otherwise agreed, an agent is subject to a duty not to act > or to > agree to act during the period of his agency for persons whose > interests > conflict with those of the principal in matters in which the agent is > employed. > > § 394 Comment a. The rule stated in this section goes beyond that > stated in Section 391, which is limited to situations in which the > agent > acts for an adverse party in a transaction to which the principal is a > party. Under the rule stated in this Section, the agent commits a > breach > of duty to his principal by acting for another in an undertaking which > has a substantial tendency to cause him to disregard his duty to serve > his principal with only his principalās purposes in mind. [...] > > This is true although the agent does not agree to give his full > time to > the principalās business and does not use the time paid for by the > principal in acting for another. The danger that he will not be > impartial and that he will use confidential information obtained in > the > business of one in the affairs of the other makes it improper for > him to > act for both. > ========================= > > The "Restatement of the Law of " series is produced by the American > Law Institute as a guide for lawyers to the law. Besides distilled > rules, it contains and index of citations to cases establishing the > rule. Most law offices will have copies, or you can find them at your > local law library. > > Housley violated this rule by acting for Brown, while on the IESG. You > are violating it for acting for Housley. > I am not a lawyer, and will not debate such issues. I will note that I am not "acting for Housley". > This section (also under duties of loyalty) and its comments are also > relevant: > > ======================= > § 390. Acting as Adverse Party with Principalās Consent > > An agent who, to the knowledge of the principal, acts on his own > account > in a transaction in which he is employed has a duty to deal fairly > with > the principal and to disclose to him all facts which the agent > knows or > should know would reasonably affect the principalās judgment, > unless the > principal has manifested that he knows such facts or that he does not > care to know them. > > § 390 Comment a. Facts to be disclosed. One employed as agent violates > no duty to the principal by acting for his own benefit if he makes a > full disclosure of the facts to an acquiescent principal and takes no > unfair advantage of him. Before dealing with the principal on his own > account, however, an agent has a duty, not only to make no > misstatements > of fact, but also to disclose to the principal all relevant facts > fully > and completely. A fact is relevant if it is one which the agent should > realize would be likely to affect the judgment of the principal in > giving his consent to the agent to enter into the particular > transaction > on the specified terms. > > § 390 Comment c. Fairness. The agent must not take advantage of his > position to persuade the principal into making a hard or improvident > bargain. > ======================= > > Housley violated this duty by not disclosing the patent while working > for Brown on the draft. > > This document still represents a "hard or improvident bargain" for the > membership of the ISOC, the ISOC, and the ISOC IETF Activity. > > The IETF has no interest in document, as expressed through the TLS > Working Group, the main IETF list, and Security Director Hartman's > comments. No IETF rule has compelled you take up this effort; No IETF > official has compelled you to take up this effort; you have taken > it up > on your own initiative on behalf of your friend Housley and Brown. Let's be clear: I took this up on my initiative, to fulfill my responsibilities as a member of the IESG. This action is not on behalf of anyone. > That is ethical misconduct. I expect that the NIST has similar > rules on > conflict of interest. > > --Dean > > > > -- > Av8 Internet Prepared to pay a premium for better service? > www.av8.net faster, more reliable, better service > 617 344 9000 > > >